New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[enhancement]: Allow UserPrincipalName of (group) managed service accounts (gMSA) #5057

Open

Darsstar opened this issue Dec 4, 2024 · 0 comments

Labels

Area: Agent enhancement triage

Darsstar commented Dec 4, 2024 •

edited

Loading

Describe your feature request here

It would be nice to be able to use the UserPrincipalName of (group) managed service accounts during setup.

ComputerPrincipal.FindByIdentity(PrincipalContext, String) could perhaps be used in IsManagedServiceAccount to normalize to the SAMAccountName which is required for NetIsServiceAccount.
It would need to receive the unsanitized value. (NetIsServiceAccount seems to accept the $ just fine on the server I used to test, so a comment as to why that happens might be a good idea.)

Edit: https://serverfault.com/a/518290/408176 describes how we add a UPN to gMSA objects.

The text was updated successfully, but these errors were encountered:

Darsstar added the enhancement label

github-actions bot added Area: Agent triage labels

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment